North Korean Hackers Are Attacking US Hospitals

With a major United States intelligence authority set to expire at the end of the year, and a congressional showdown brewing over whether or not to renew it, new details of an internal audit show that US Federal Bureau of Investigation (FBI) personnel have repeatedly conducted unlawful searches of data collected under the imperiled surveillance authority. Agents requested information on journalists, a US congressman, and a political party as a result of what the US Department of Justice called “misunderstandings.”

This week, WIRED spoke to the creator of Sinbad.io, a cryptocurrency privacy service popular among North Korean hackers and other cybercriminals that has facilitated money laundering for tens of millions of dollars. And officials from the United Kingdom and the United States announced sanctions against seven alleged members of the Conti and Trickbot ransomware groups, publishing their real-world names, dates of birth, email addresses, and photos. The two governments also took the unusual step of stating plainly that they see evidence of links between Russia-based cybercrime groups and the Kremlin’s intelligence services.

US President Joe Biden asserted in his State of the Union address this week that the US needs a bipartisan effort to “impose stricter limits on the personal data that companies collect on all of us.” Reactions in Washington after the speech were hopeful, but also realistic that getting a national privacy law on the books in the US anytime soon may prove too much of a political minefield to traverse. Meanwhile, legal experts told WIRED this week that the US’s Fair Credit Report Act should already curtail the information about Americans that data brokers can collect and sell. A new letter to the Consumer Financial Protection Bureau called on the agency to start enforcing violations.

We looked at how Moscow’s expansive smart city initiative, launched with the promise of reduced crime rates, is increasingly being used for draconian AI-assisted surveillance in the city amid Vladimir Putin’s war in Ukraine. And if you were hoping to delete your Twitter DMs through GDPR requests for erasure, the company doesn’t seem to have any plans to comply.

Plus, there’s more. Each week we round up the stories we didn’t cover in-depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

North Korea’s elite state-sponsored hackers are some of the world’s most relentless—stealing millions of cryptocurrency each year to evade sanctions and fund the hermit nation’s nuclear programs. A new security alert from officials in the US and South Korea this week reveals how ruthless the country’s threat actors can be. State-backed hackers used around a dozen types of malware and ransomware to attack South Korean and US hospitals and health care systems, according to the US National Security Agency (NSA), FBI, and Cybersecurity and Infrastructure Security Agency (CISA).

John Hultquist, who leads intelligence analysis at security firm Mandiant, says the attacks are linked to the Andariel group and that several hospitals “have had to weather major disruptions” because of the attacks. In some of their operations, the advisory from the governments says, the attackers would try to “obfuscate” their involvement, use VPNs or virtual private servers to mask their location, and use common vulnerabilities to gain access to networks. The attackers used their own privately developed malware along with ransomware strains belonging to other groups, such as LockBit.

Pro-Chinese bot accounts on Twitter and Facebook have spread news videos in which presenters decry the lack of action against gun violence in the US and promote China’s world politics. The messaging isn’t exactly anything new, but there’s a twist to the propaganda: The news anchors in the videos—one man and one woman—aren’t real. They’re AI-generated characters, commonly known as deepfakes. The videos were discovered last year by disinformation research firm Graphika, which says it is the “first time we’ve seen this in the wild.” The company says it believes the videos were created using a commercial AI video software service, and were low-quality overall. None of the videos had more than 300 views.

Researchers from universities in the UK and Ireland have discovered that leading Android phones in China are hoovering up people’s personal data. The pre-installed operating systems on Xiaomi, OnePlus, and Oppo Realme devices are collecting people’s locations, call history, and profile information before sending it on to third parties, according to a study from academics at the University of Edinburgh and Trinity College Dublin. The researchers conducted the research on phones bought in China and measured the network traffic the devices generate. In many instances, they write, people aren’t notified about the data that’s collected or given any choices to opt out. The study reiterates how different privacy rules are in China compared to many other parts of the world and the myriad ways people can be tracked. “The data shared by the global version of the firmware is mostly limited to device-specific information,” the researchers conclude.

Reddit said on Thursday that hackers had accessed its source code after a successful phishing attack compromised an employee’s system credentials. The incident also exposed the contract information of hundreds of current and former Reddit employees and contacts. Reddit, which is owned by WIRED’s parent company Advance Publications, said that the incident did not impact user passwords or production systems, but suggested that users reset their passwords and ensure they have two-factor authentication turned on for their accounts. The company also said that the lessons it learned after suffering a data breach five years ago were protective and helpful in dealing with the recent incident.